UbuntuUpdates.org

Package "libcupscgi1"

Name: libcupscgi1

Description:

Common UNIX Printing System(tm) - CGI library
Latest version: 2.2.7-1ubuntu2.10
Release: bionic (18.04)
Level: updates
Repository: main
Head package: cups
Homepage: https://www.cups.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libcupscgi1"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libcupscgi1" in Bionic

Repository Area Version
base main 2.2.7-1ubuntu2
security main 2.2.7-1ubuntu2.10

Changelog

Version: 2.2.7-1ubuntu2.10 2023-06-01 14:07:12 UTC

  cups (2.2.7-1ubuntu2.10) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overflow in format_log_line
    - debian/patches/CVE-2023-32324.patch: check _cups_strlcpy size in
      cups/string.c.
    - CVE-2023-32324

 -- Marc Deslauriers <email address hidden> Thu, 25 May 2023 08:44:11 -0400
Source diff to previous version
CVE-2023-32324 Heap buffer overflow in cupsd

Version: 2.2.7-1ubuntu2.9 2022-05-31 17:06:23 UTC

  cups (2.2.7-1ubuntu2.9) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ippReadIO
    - debian/patches/CVE-2019-8842.patch: fix check in cups/ipp.c.
    - CVE-2019-8842
  * SECURITY UPDATE: buffer overflow in ippReadIO
    - debian/patches/CVE-2020-10001.patch: fix bounds checks in cups/ipp.c.
    - CVE-2020-10001
  * SECURITY UPDATE: Local authorization cert bypass
    - debian/patches/CVE-2022-26691-1.patch: fix string comparison in
      scheduler/cert.c.
    - debian/patches/CVE-2022-26691-2.patch: fix the comment in
      scheduler/cert.c.
    - CVE-2022-26691

 -- Marc Deslauriers <email address hidden> Fri, 27 May 2022 11:03:33 -0400
Source diff to previous version
CVE-2019-8842 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Se
CVE-2020-10001 An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina,
CVE-2022-26691 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big

Version: 2.2.7-1ubuntu2.8 2020-04-27 16:06:30 UTC

  cups (2.2.7-1ubuntu2.8) bionic-security; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read
    - debian/patches/CVE-2019-2228.patch: fix ippSetValueTag validation of
      default language in cups/ipp.c.
    - CVE-2019-2228
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2020-3898.patch: properly handle invalid
      resolution names in cups/ppd.c, ppdc/ppdc-source.cxx.
    - CVE-2020-3898

 -- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 10:42:08 -0400
Source diff to previous version
CVE-2019-2228 In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in
CVE-2020-3898 heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c

Version: 2.2.7-1ubuntu2.7 2019-08-20 06:07:11 UTC

  cups (2.2.7-1ubuntu2.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack buffer overflow in SNMP ASN.1 decoder
    - debian/patches/CVE-2019-86xx.patch: update cups/snmp.c to check for
      buffer overflow when decoding various ASN.1 elements.
    - CVE-2019-8675
    - CVE-2019-8696
  * SECURITY UPDATE: Buffer overflow in IPP
    - debian/patches/CVE-2019-86xx.patch: update cups/ipp.c to avoid
      buffer overflow due to tag type confusion
  * SECURITY UPDATE: Denial of service and memory disclosure in scheduler
    - debian/patches/CVE-2019-86xx.patch: update scheduler/client.c to
      avoid a denial of service and possible memory disclosure if the
      client unexpectedly closes the connection

 -- Alex Murray <email address hidden> Fri, 16 Aug 2019 16:42:45 +0930
Source diff to previous version
CVE-2019-8675 stack-buffer-overflow in libcups's asn1_get_type function
CVE-2019-8696 stack-buffer-overflow in libcups's asn1_get_packed function

Version: 2.2.7-1ubuntu2.6 2019-06-10 16:06:57 UTC

  cups (2.2.7-1ubuntu2.6) bionic; urgency=medium

  * d/p/0045-Fix-an-issue-with-PreserveJobHistory-and-time-values.patch
    Fix an issue with `PreserveJobHistory` and time values
    (Issue #5538, Closes: #921741, LP: #1747765)

 -- Dariusz Gadomski <email address hidden> Thu, 30 May 2019 10:02:17 +0200
1747765 PreserveJobHistory and PreserveJobLog do not respect numeric input as outlined in the docs
921741 cups: Cups sheduler stops with program error when using JobPreserveHistory <seconds> - Debian Bug report logs


About   -   Send Feedback to @ubuntu_updates